help with tcpdump cmd syntax

2006-04-08 Thread fbsd_user
I tried 
   tcpdump -i rl0 src host 218.166.163.180 -w /usr/tcpdump.data
   tcpdump -i rl0 host 218.166.163.180 -w /usr/tcpdump.data
   tcpdump -i rl0 src ip 218.166.163.180 -w /usr/tcpdump.data  

but got syntax error msg with no hint of what was wrong

If I remove the -w stuff it works. Meaning it prints to the screen.
But I want to write to file

Can you help me out here on the syntax error?


One other thing. When does tcpdump get access to the packet?

My firewall has a block log rule for that ip address. 
Does tcpdump see the packet before ipfilter ipnat does?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: help with tcpdump cmd syntax

2006-04-08 Thread Fabian Keil
fbsd_user [EMAIL PROTECTED] wrote:

> I tried
>    tcpdump -i rl0 src host 218.166.163.180 -w /usr/tcpdump.data
>    tcpdump -i rl0 host 218.166.163.180 -w /usr/tcpdump.data
>    tcpdump -i rl0 src ip 218.166.163.180 -w /usr/tcpdump.data
>
> but got syntax error msg with no hint of what was wrong
>
> If I remove the -w stuff it works. Meaning it prints to the screen.
> But I want to write to file
>
> Can you help me out here on the syntax error?

According to the man page the expression comes last.

Fabian
-- 
http://www.fabiankeil.de/




Re: help with tcpdump cmd syntax

2006-04-08 Thread Karol Kwiatkowski
On 08/04/2006 14:56, fbsd_user wrote:
> I tried
>    tcpdump -i rl0 src host 218.166.163.180 -w /usr/tcpdump.data
>    tcpdump -i rl0 host 218.166.163.180 -w /usr/tcpdump.data
>    tcpdump -i rl0 src ip 218.166.163.180 -w /usr/tcpdump.data
>
> but got syntax error msg with no hint of what was wrong
>
> If I remove the -w stuff it works. Meaning it prints to the screen.
> But I want to write to file
>
> Can you help me out here on the syntax error?

Have a look at 'tcpdump -h' (or man, of course). Expression (i.e. 'src
host 218.166.163.180') is the last argument. This should work:

tcpdump -i rl0 -w /usr/tcpdump.data src host 218.166.163.180


> One other thing. When does tcpdump get access to the packet?
>
> My firewall has a block log rule for that ip address.
> Does tcpdump see the packet before ipfilter ipnat does?

Yes. I'm not familiar with kernel code, but I can perfectly see all
packets with tcpdump.

HTH,

Karol

-- 
Karol Kwiatkowski  freebsd at orchid dot homeunix dot org
OpenPGP: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc



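The argument-order point both replies make follows from how tcpdump parses its command line: options are consumed by getopt(3), which on FreeBSD stops at the first word that is not an option, and every remaining word is handed to the filter compiler as the expression. With `src host 218.166.163.180 -w /usr/tcpdump.data`, the words `-w` and `/usr/tcpdump.data` therefore end up inside the filter expression, and that is what the parser rejects as a syntax error. The script below is an added example, not code from either poster; it builds the capture command with the options first and the expression last, checks the address before touching the interface, and defaults to a dry run so it can be exercised without root or a live interface. The interface name, file path and address are the ones from the thread; `DRY_RUN`, `valid_ipv4`, `tcpdump_cmd`, `run_capture` and `read_capture` are names chosen here.

```shell
#!/bin/sh
# capture_host.sh: run tcpdump for one source address with the options
# before the filter expression. Added example for this thread; assumes
# tcpdump(1) is installed and that the interface, output path and address
# are the constructed values from the thread.

# Return 0 if $1 is a dotted-quad IPv4 address with octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # Split into octets in a subshell so the caller's IFS is untouched.
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for o in "$@"; do [ "$o" -le 255 ] || exit 1; done
    )
}

# Print the command line for interface $1, output file $2, source host $3.
# All options come first; 'src host <addr>' is the trailing expression.
# -n: do not resolve names, so the capture host does not add DNS traffic
#     of its own to the trace.  -s 0: capture whole packets, not a snapshot.
tcpdump_cmd() {
    set -- tcpdump -n -s 0 -i "$1" -w "$2" src host "$3"
    echo "$*"
}

# Validate the address, then either print the command (DRY_RUN=1, the
# default) or execute it.  Execution needs root for bpf(4) access.
run_capture() {
    iface=$1; out=$2; host=$3
    valid_ipv4 "$host" || { echo "invalid IPv4 address: $host" >&2; return 2; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        tcpdump_cmd "$iface" "$out" "$host"
    else
        set -- tcpdump -n -s 0 -i "$iface" -w "$out" src host "$host"
        "$@"
    fi
}

# The file written by -w is raw pcap, not text; read it back with -r.
read_capture() {
    tcpdump -n -r "$1"
}

# Usage: capture_host.sh <iface> <outfile> <addr>   (DRY_RUN=0 to capture)
if [ $# -eq 3 ]; then
    run_capture "$@"
fi
```

On the second question in the thread: tcpdump reads from bpf(4), which taps packets in the interface driver's input path, before the IP layer where the ipfilter hooks run, so a packet the firewall later blocks and logs still appears in the file written by `-w`.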